tomcat-users mailing list archives

From Brian K Bonner <brian.bon...@paraware.com>
Subject Re: getUserPrincipal() returning null after authenticated
Date Wed, 28 May 2003 21:00:22 GMT

I'm not sure it's explicitly stated what the behavior will be for access 
to unprotected resources.  I do know that it's different than how it used 
to work in Tomcat 4.0.6.

Case in point, if after you authenticate a user, you want to bring them to 
a page that will show them content based upon a particular role, it isn't 
possible if you return null for the principal.

Brian

seb_esp <seb_esp@hotpop.com> wrote on 05/28/2003 05:04:10 PM:

> That's the expected behavior. It's in Sun's Servlet spec., don't 
> remember exactly where...
> 
> The user will be null if you are in an unprotected resource, EVEN if
> you are authenticated.
> 
> Regards,
> 
> Brian K Bonner wrote:
> > Hello,
> > 
> > I'm seeing something weird with 4.1.24.  If I access an unprotected 
> > resource after I am authenticated, I receive null from getUserPrincipal(). 
> > I am using the Coyote Http 1.1 connector, although I've tried it with the 
> > old catalina Http 1.1 connector.
> > 
> > Here's the test case:
> > 1) access the unprotected servlet first you'll see "testing unprotected 
> > servlet.  user is null"    using either: 
> > http://localhost:8083/testing/unprotected   or 
> > http://localhost:8080/testing/unprotected
> > 2) access the protected servlet, you'll be challenged with the basic auth 
> > dialog and then see:  "testing protected servlet.  user is 
> > GenericPrincipal[tomcat]"   using either: 
> > http://localhost:8083/testing/protected   or 
> > http://localhost:8080/testing/protected
> > 3) access the unprotected servlet, I still see:  "testing unprotected 
> > servlet.  user is null"  access it the same as in #1
> > 
> > This should return the same as #2, but it doesn't.  Can someone explain 
> > why?? and How can I work around this problem??   I've been searching on the 
> > web, but www.mail-archive appears to be down.
> > 
> > Brian
> > 
> > 
> > 
> > Using Tomcat 4.1.24 standalone with the memory realm.
> > 
> > Here's my abbreviated conf/tomcat-users.xml:
> > <?xml version='1.0' encoding='utf-8'?>
> > <tomcat-users>
> >   <role rolename="editor"/>
> >   <user username="tomcat" password="tomcat" roles="editor"/>
> > </tomcat-users>
> > 
> > The get methods of my two servlets  (protected and unprotected)
> > 
> > unprotected servlet's doGet:
> > 
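> >    protected void doGet(HttpServletRequest req, HttpServletResponse res)
> >            throws ServletException, IOException {
> >        PrintWriter out = res.getWriter();
> >        out.println("testing unprotected servlet");
> >        out.print("user is ");
> >        // null when no authenticated user is associated with this request
> >        Principal p = req.getUserPrincipal();
> >        out.print(p);
> >    }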
> > 
> > protected servlet's doGet:
> > 
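> >    protected void doGet(HttpServletRequest req, HttpServletResponse res)
> >            throws ServletException, IOException {
> >        PrintWriter out = res.getWriter();
> >        out.println("testing protected servlet");
> >        out.print("user is ");
> >        // set by the container after the BASIC challenge succeeds
> >        Principal p = req.getUserPrincipal();
> >        out.print(p);
> >    }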
> > 
> > Here's my web.xml file:
> > 
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >     "http://java.sun.com/dtd/web-app_2_3.dtd" >
> > <web-app>
> >         <display-name>testing</display-name>
> >         <description>Test Unsecured Pages App</description>
> >         <servlet>
> >                 <servlet-name>protected</servlet-name>
> >                 <servlet-class>com.paraware.test.TestServlet</servlet-class>
> >         </servlet>
> >         <servlet>
> >                 <servlet-name>unprotected</servlet-name>
> >                 <servlet-class>com.paraware.test.TestServlet2</servlet-class>
> >         </servlet>
> >         <servlet-mapping>
> >                 <servlet-name>protected</servlet-name>
> >                 <url-pattern>/protected</url-pattern>
> >         </servlet-mapping>
> >         <servlet-mapping>
> >                 <servlet-name>unprotected</servlet-name>
> >                 <url-pattern>/unprotected</url-pattern>
> >         </servlet-mapping>
> >         <security-constraint>
> >                 <web-resource-collection>
> >                         <web-resource-name>Secure Servlets</web-resource-name>
> >                         <description>Files secured for testing</description>
> >                         <url-pattern>/protected</url-pattern>
> >                         <http-method>GET</http-method>
> >                         <http-method>POST</http-method>
> >                 </web-resource-collection>
> >                 <auth-constraint>
> >                         <description>Editors</description>
> >                         <role-name>editor</role-name>
> >                 </auth-constraint>
> >         </security-constraint>
> >         <login-config>
> >                 <auth-method>BASIC</auth-method>
> >         </login-config>
> >         <security-role>
> >                 <description>Page Editors</description>
> >                 <role-name>editor</role-name>
> >         </security-role>
> > </web-app>
> > 
> > 
> > 
> > And from the server.xml:
> > 
> >     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> >                port="8080" minProcessors="5" maxProcessors="75"
> >                enableLookups="true" redirectPort="8443"
> >                acceptCount="100" debug="4" connectionTimeout="20000"
> >                useURIValidationHack="false" disableUploadTimeout="true" />
> > 
> > 
> >     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
> >                port="8009" minProcessors="5" maxProcessors="75"
> >                enableLookups="true" redirectPort="8443"
> >                acceptCount="10" debug="0" connectionTimeout="0"
> >                useURIValidationHack="false"
> >                protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
> > 
> >     <Connector className="org.apache.catalina.connector.http.HttpConnector"
> >                port="8083" minProcessors="5" maxProcessors="75"
> >                enableLookups="true" redirectPort="8443"
> >                acceptCount="10" debug="0" />
> > 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
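
The behaviour discussed in this thread, as an added `web.xml` fragment that is not part of the original messages: the principal was reported only for the URL covered by the `security-constraint`, so one option is to put pages that render role-dependent content under a constraint as well. The `/content/*` pattern and the resource name are hypothetical; leaving out `<http-method>` makes the constraint apply to every HTTP method instead of only GET and POST as in the posted file.

```xml
<!-- Added example, not from the thread. "/content/*" is a hypothetical
     location for pages that render role-dependent content. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Role-dependent pages</web-resource-name>
        <!-- As posted, only /protected was constrained, and only requests
             to it returned a non-null getUserPrincipal(). -->
        <url-pattern>/protected</url-pattern>
        <!-- Hypothetical: pages that branch on the caller's role. -->
        <url-pattern>/content/*</url-pattern>
        <!-- No <http-method> elements: with none listed, the constraint
             applies to all HTTP methods, not just GET and POST. -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>editor</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>editor</role-name>
</security-role>
```

Code on any URL left outside a constraint should treat a null principal as an anonymous caller and withhold role-specific content.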

